Right now Warp client is just always persistent with no reauthentication required, which scares me regarding persistent tunnels. I attempted to adjust token lifetime settings and other options, but can’t get it to ask for re-auth.
Answer:
1.) Make sure Warp Client is set with “Gateway” posture check.
2.) Make sure Warp profile is set for “Gateway with Warp” mode
3.) Create Gateway → Firewall Policy → Network Policy is set with a policy to monitor for traffic you would like to trigger re-auth on, and set “Enforce Warp Client Session Duration” to be how often you want the client to force re-auth when this specific type of traffic is triggered.